[Samba] Re: RedHat+Samba+Winbind to ADS

Andrew Bartlett abartlet at samba.org
Tue Feb 22 08:56:40 GMT 2005


On Mon, 2005-02-21 at 14:10 +0100, Antón wrote: 
> Andrew Bartlett wrote:
> 
> > On Wed, 2005-02-16 at 10:09 -0500, Greg Folkert wrote:
> >> On Wed, 2005-02-16 at 11:49 +0100, Antón wrote:
> >> > Hi,
> >> > 
> >> > I 've a gateway and I want to use squid authenticated with Windows
> >> > 2000 Active Directory users.
> >> > 
> >> > I've a development platform with Debian/Sarge as gateway, and it
> >> > works. (samba 3.0.10-1 and Kerberos 1.3.6-1)
> >> > 
> >> > On the other side the production platform uses RedHat Enterprise
> >> > AS3, initially with Samba 3.0.6 and Kerberos 1.2.7-28. I was not
> >> > able to use Active directory groups without get smb panic errors in
> >> > winbindd, so I update to Samba 3.0.9-1.3E.2 and Kerberos 1.2.7-38
> >> > (last available updates).
> >> 

> |connecting to PDC from GATEWAY with kerberos principal
> [GATEWAY$@TEST.COM]
> |Doing kerberos session setup
> |failed tcon_X with NT_STATUS_ACCESS_DENIED


This looks like a bug that is fixed in Samba 3.0.11, ie we were getting
the krb5 smb signing wrong.

Otherwise, see if the windows server gives hints as to the cause of the
error.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050222/f5fe9b16/attachment.bin


More information about the samba mailing list